Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5aa13a4d authored by Julia Reynolds's avatar Julia Reynolds
Browse files

Don't autogrant permissions on managed profiles 

These services run on the parent profile and act on
both. Also cean up approval lists on user removal.

Test: manual, runtest systemui-notification
Bug: 64073967
Change-Id: If3d2b36d57e98358bcaf80e7a8885ee7d25c2a4b
parent 0d9c30cf

services/core/java/com/android/server/notification/ManagedServices.java

+5 −0
Original line number Diff line number Diff line
@@ -455,6 +455,11 @@ abstract public class ManagedServices { 
        }

    }



    public void onUserRemoved(int user) {

        mApproved.remove(user);

        rebindServices(true);

    }



    public void onUserSwitched(int user) {

        if (DEBUG) Slog.d(TAG, "onUserSwitched u=" + user);

        if (Arrays.equals(mLastSeenProfileIds, mUserProfiles.getCurrentProfileIds())) {

services/core/java/com/android/server/notification/NotificationManagerService.java

+6 −1
Original line number Diff line number Diff line
@@ -985,12 +985,17 @@ public class NotificationManagerService extends SystemService { 
                final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);

                if (userId != USER_NULL) {

                    mUserProfiles.updateCache(context);

                    if (!mUserProfiles.isManagedProfile(userId)) {

                        readDefaultApprovedServices(userId);

                    }

                }

            } else if (action.equals(Intent.ACTION_USER_REMOVED)) {

                final int user = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);

                mZenModeHelper.onUserRemoved(user);

                mRankingHelper.onUserRemoved(user);

                mListeners.onUserRemoved(user);

                mConditionProviders.onUserRemoved(user);

                mAssistants.onUserRemoved(user);

                savePolicyFile();

            } else if (action.equals(Intent.ACTION_USER_UNLOCKED)) {

                final int user = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);

services/tests/notification/src/com/android/server/notification/ManagedServicesTest.java

+29 −1
Original line number Diff line number Diff line
@@ -91,6 +91,7 @@ public class ManagedServicesTest extends NotificationTestCase { 
    private ArrayMap<Integer, String> mExpectedSecondaryPackages;

    private ArrayMap<Integer, String> mExpectedSecondaryComponentNames;



    // type : user : list of approved

    private ArrayMap<Integer, ArrayMap<Integer, String>> mExpectedPrimary = new ArrayMap<>();

    private ArrayMap<Integer, ArrayMap<Integer, String>> mExpectedSecondary = new ArrayMap<>();
@@ -578,6 +579,32 @@ public class ManagedServicesTest extends NotificationTestCase { 
        assertEquals(0, service.getAllowedComponents(10).size());

    }



    @Test

    public void testOnUserRemoved() throws Exception {

        for (int approvalLevel : new int[] {APPROVAL_BY_COMPONENT, APPROVAL_BY_PACKAGE}) {

            ManagedServices service = new TestManagedServices(getContext(), mLock, mUserProfiles,

                    mIpm, approvalLevel);

            loadXml(service);



            ArrayMap<Integer, String> verifyMap = mExpectedPrimary.get(service.mApprovalLevel);

            String user0 = verifyMap.remove(0);

            verifyMap = mExpectedSecondary.get(service.mApprovalLevel);

            user0 = user0 + ":" + verifyMap.remove(0);



            service.onUserRemoved(0);



            for (String verifyValue : user0.split(":")) {

                if (!TextUtils.isEmpty(verifyValue)) {

                    assertFalse("service type " + service.mApprovalLevel + ":" + verifyValue

                            + " is still allowed",

                            service.isPackageOrComponentAllowed(verifyValue, 0));

                }

            }



            verifyExpectedApprovedEntries(service);

        }

    }



    private void loadXml(ManagedServices service) throws Exception {

        final StringBuffer xml = new StringBuffer();

        xml.append("<" + service.getConfig().xmlTag + ">\n");
@@ -657,7 +684,8 @@ public class ManagedServicesTest extends NotificationTestCase { 
            for (String packageOrComponent : verifyMap.get(userId).split(":")) {

                if (!TextUtils.isEmpty(packageOrComponent)) {

                    if (service.mApprovalLevel == APPROVAL_BY_PACKAGE) {

                        assertTrue(packageOrComponent, service.isComponentEnabledForPackage(packageOrComponent));

                        assertTrue(packageOrComponent,

                                service.isComponentEnabledForPackage(packageOrComponent));

                        for (int i = 1; i <= 3; i ++) {

                            ComponentName componentName = ComponentName.unflattenFromString(

                                    packageOrComponent +"/C" + i);